Health care the next big target for identity theft?
Art Coviello, President of RSA Security, believes security threats to the health care industry may be on the rise. He implies that the institutions themselves may become a more lucrative target as the security of other industries gets better.
The for-profit companies servicing health care – pharmaceutical companies, labs and the like – generally have a pretty high level of sophistication and maturity around security but the health care institutions themselves, hospitals and doctors, don’t necessarily have that type of security.
...
They’re forever strapped for budget and they want to use their money, rightfully so, on new diagnostic equipment or new medical and surgical techniques and operating rooms, but think about the treasure trove of information at a health care site, whether it’s the equivalent of a Social Security number, name, address, phone number, mother’s maiden name, birthdays and even credit card or payment-type information.
...
It’s not that health care hasn’t been attacked but as we continue to lock down things, whether it’s doing a better job at financial services or bringing more attention to social networking sites, these guys are going to keep looking for more and more opportunities.
This makes sense. Attackers certainly aren’t going to just give up when one industry becomes more secure. They will migrate to other targets— easier targets. Specifically, when it comes to identity theft, a commercial bank might have the same private information as a local hospital— name, address, SSN, account information, etc. But if an attacker knows that the bank is heavily protected when compared to the hospital, he or she might simply go for the low-hanging fruit…
In a sense, the security practices of all these different institutions are linked together through the motivation of the attackers themselves.